Kindsight Security Labs Reports Four of the Top Seven Infections Last Week Were Botnets

Kindsight Security Service Detects Malware in Over 12 Percent of Home Networks on a Typical Day
(November 09, 2011)

MOUNTAIN VIEW, CA -- (Marketwire) -- 11/09/11 -- Today Kindsight, a provider of network-based security and analytics solutions, introduced Kindsight Security Labs, a team of security experts with strong backgrounds in malware analysis and network-based intrusion detection. As an active member of the security community, Kindsight Security Labs will now publish their security research related to the different types and volume of malware detected by the Kindsight Security Service as well as emerging threats across the Internet.

In reviewing the data from last week, Kindsight Security Labs found that bots accounted for four of the top seven infections detected and six of the top 20. On a typical day last week, Kindsight detected malware activity coming from 12.2 percent of home networks. When aggregated over 30 days, this indicates an infection rate as high as 30 percent as reported previously.

Heading the list of botnet infections was NineBall, an evolution of the Gumblar bot that steals passwords, installs fake anti-virus and sends spam. At number three was Alureon/DLT/TDSS, an identity theft bot that specializes in credit card information theft. Downadup/Conficker, a computer worm that targets the Microsoft Windows operating system, is at number five. While its command and control infrastructure has been inactive for years, this worm continues to infect PCs because of its ability to spread on its own, without any control infrastructure.

The most dangerous infection on the list is the Zeus Trojan at number seven. This banking Trojan has been responsible for the theft of hundreds of millions of dollars since it first appeared in 2007. The source code for Zeus was released in May 2011, causing an upswing in its infection rate. BTMINE and ZeroAccess round out the bots in the top 20 infections.

"As the threat landscape continues to evolve, home networks -- and, increasingly, mobile devices -- are the primary target," said Kevin McNamee, security architect and director of Kindsight Security Labs. "The main purpose of Kindsight Security Labs is to identify the existence and behavior of malware in the network and develop signatures which can pinpoint these infections with low false positives."

When developing signatures that detect current threats, Kindsight Security Labs looks for network behavior that provides unequivocal evidence of infection coming from the user's computer or device, including malware command and control communications, backdoor connections, attempts to infect others or send excessive email, and other denial of service (DoS) and hacking activity.

About Kindsight

Kindsight offers security and analytics platforms that service providers embed in their networks to analyze Internet traffic for malware and other insights. Backed by the expertise of Kindsight Security Labs, the Security Analytics platform detects infections to protect the network and subscribers while the Security Services platform can increase revenues by offering network-based security services. The Intent Analytics platform scores the traffic of opted-in users to reduce churn through subscriber insights or monetize value-added services through advertising. Majority owned by Alcatel-Lucent, Kindsight is based in Mountain View, CA with offices in Ottawa, ON, Canada. Visit www.kindsight.net for more information.